Security Advisory 2024-0018 (GHSL-2024-248, CVE-2024-47600)
Summary | Out-of-bounds read in gst-discoverer-1.0 commandline tool
Date | 2024-12-03 20:00
Affected Versions | GStreamer gst-plugins-base < 1.24.10
IDs | GStreamer-SA-2024-0018 GHSL-2024-248 CVE-2024-47600
Details
Out-of-bounds reads in the gst-discoverer-1.0 commandline tool that can cause
crashes for certain input files.
Impact
It is possible for a malicious third party to trigger out-of-bounds reads that
can result in a crash of the application.
This only affects the gst-discoverer-1.0 commandline tool and not any other
applications using GStreamer.
Solution
The gst-plugins-base 1.24.10 release addresses the issue. People using older
branches of GStreamer should apply the patch and recompile.
References
The GStreamer project
CVE Database Entries
GStreamer releases
1.24 (current stable)
Patches